|
|||
Release Date:03/21/2012
Attack Name:Detected Worm CodeRed
Severity:
BUG ID:
CVE ID:
Description:
|
Microsoft Internet Information Server (IIS) versions 4.0, 5.0, and 6.0 beta are vulnerable to a buffer overflow in the handling of ISAPI (Internet Services Application Programming Interface) extensions. This vulnerability is exploitable using the 'Code Red' and 'Code Red II' worm. The 'Code Red' worm is a self-propagating worm that scans random IP addresses on port 80 searching for vulnerable Web servers. Once a vulnerable Web server is found, the worm performs malicious activity before propagating to other vulnerable hosts. The 'Code Red II' worm does not deface Web sites, as the original version of the worm did, but it carries a more serious threat -- it contains a Trojan Horse payload, which could allow any remote attacker to further compromise infected systems. The 'Code Red II' worm also has the ability to scan for vulnerable hosts much faster than previous versions, which has already been reported to cause failures in certain network components by overloading them with network traffic.
Solution:
|